SecureCookieSessionInterface Class — flask Architecture
Architecture documentation for the SecureCookieSessionInterface class in sessions.py from the flask codebase.
Dependency Diagram
graph TD
    6e107b72_bfbc_d580_f6b3_676e4292673a["SecureCookieSessionInterface"]
    bbf56873_bd71_6e70_f44c_ca8a85b0a007["SessionInterface"]
    6e107b72_bfbc_d580_f6b3_676e4292673a -->|extends| bbf56873_bd71_6e70_f44c_ca8a85b0a007
    f793a407_79ea_667a_f29e_29bbf57c781f["sessions.py"]
    6e107b72_bfbc_d580_f6b3_676e4292673a -->|defined in| f793a407_79ea_667a_f29e_29bbf57c781f
    e5e2a111_00ef_e01a_ff8b_016b8e6f11af["get_signing_serializer()"]
    6e107b72_bfbc_d580_f6b3_676e4292673a -->|method| e5e2a111_00ef_e01a_ff8b_016b8e6f11af
    d601925b_3494_f541_847b_645b340fc0a1["open_session()"]
    6e107b72_bfbc_d580_f6b3_676e4292673a -->|method| d601925b_3494_f541_847b_645b340fc0a1
    58643c3f_4184_c18b_8361_a7d628d93359["save_session()"]
    6e107b72_bfbc_d580_f6b3_676e4292673a -->|method| 58643c3f_4184_c18b_8361_a7d628d93359
Source Code
src/flask/sessions.py lines 298–399
class SecureCookieSessionInterface(SessionInterface):
    """The default session interface that stores sessions in signed cookies
    through the :mod:`itsdangerous` module.
    """

    #: the salt that should be applied on top of the secret key for the
    #: signing of cookie based sessions.
    salt = "cookie-session"
    #: the hash function to use for the signature. The default is sha1
    digest_method = staticmethod(_lazy_sha1)
    #: the name of the itsdangerous supported key derivation. The default
    #: is hmac.
    key_derivation = "hmac"
    #: A python serializer for the payload. The default is a compact
    #: JSON derived serializer with support for some extra Python types
    #: such as datetime objects or tuples.
    serializer = session_json_serializer
    session_class = SecureCookieSession

    def get_signing_serializer(self, app: Flask) -> URLSafeTimedSerializer | None:
        if not app.secret_key:
            return None

        keys: list[str | bytes] = []

        if fallbacks := app.config["SECRET_KEY_FALLBACKS"]:
            keys.extend(fallbacks)

        keys.append(app.secret_key)  # itsdangerous expects current key at top
        return URLSafeTimedSerializer(
            keys,  # type: ignore[arg-type]
            salt=self.salt,
            serializer=self.serializer,
            signer_kwargs={
                "key_derivation": self.key_derivation,
                "digest_method": self.digest_method,
            },
        )

    def open_session(self, app: Flask, request: Request) -> SecureCookieSession | None:
        s = self.get_signing_serializer(app)
        if s is None:
            return None
        val = request.cookies.get(self.get_cookie_name(app))
        if not val:
            return self.session_class()
        max_age = int(app.permanent_session_lifetime.total_seconds())
        try:
            data = s.loads(val, max_age=max_age)
            return self.session_class(data)
        except BadSignature:
            return self.session_class()

    def save_session(
        self, app: Flask, session: SessionMixin, response: Response
    ) -> None:
        name = self.get_cookie_name(app)
        domain = self.get_cookie_domain(app)
        path = self.get_cookie_path(app)
        secure = self.get_cookie_secure(app)
        partitioned = self.get_cookie_partitioned(app)
        samesite = self.get_cookie_samesite(app)
        httponly = self.get_cookie_httponly(app)

        # Add a "Vary: Cookie" header if the session was accessed at all.
        if session.accessed:
            response.vary.add("Cookie")

        # If the session is modified to be empty, remove the cookie.
        # If the session is empty, return without setting the cookie.
        if not session:
            if session.modified:
                response.delete_cookie(
                    name,
                    domain=domain,
                    path=path,
                    secure=secure,
                    partitioned=partitioned,
                    samesite=samesite,
                    httponly=httponly,
                )
        # (the excerpt shown on this page ends here; the rest of save_session is not included)
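
The behaviour of get_signing_serializer() and open_session() above, as an added example that is not part of the Flask source: it builds the same URLSafeTimedSerializer settings (salt, key derivation, digest, fallbacks before the current key) and shows key rotation, rejection of tampered or expired cookies, and that the payload is signed but not encrypted. It assumes itsdangerous is installed and uses its default JSON serializer rather than Flask's session_json_serializer; the keys are constructed and the helper names are hypothetical.

```python
import base64
import hashlib
import json

from itsdangerous import BadSignature, URLSafeTimedSerializer

OLD_KEY, NEW_KEY = "constructed-old-key", "constructed-new-key"  # sample keys


def make_serializer(secret_key, fallbacks=()):
    # Same ordering as get_signing_serializer: fallbacks first, current key last.
    return URLSafeTimedSerializer(
        [*fallbacks, secret_key],
        salt="cookie-session",
        signer_kwargs={"key_derivation": "hmac", "digest_method": hashlib.sha1},
    )


def open_cookie(serializer, cookie, max_age=3600):
    # Mirrors open_session: a bad or expired signature yields an empty session.
    try:
        return serializer.loads(cookie, max_age=max_age)
    except BadSignature:  # SignatureExpired is a subclass
        return {}


def read_without_key(cookie):
    # First segment is base64url JSON (small payloads are not compressed).
    body = cookie.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))


def swap_payload(cookie, data):
    # Replace the payload but keep the original timestamp and signature.
    body = base64.urlsafe_b64encode(json.dumps(data).encode()).rstrip(b"=")
    return ".".join([body.decode(), *cookie.split(".")[1:]])


def demo():
    cookie = make_serializer(OLD_KEY).dumps({"user_id": 42})
    rotated = make_serializer(NEW_KEY, fallbacks=[OLD_KEY])
    return {
        "after_rotation": open_cookie(rotated, cookie),
        "fallback_removed": open_cookie(make_serializer(NEW_KEY), cookie),
        "tampered": open_cookie(rotated, swap_payload(cookie, {"user_id": 1})),
        "expired": open_cookie(rotated, cookie, max_age=-1),
        "readable_without_key": read_without_key(cookie),
    }
```

Calling demo() returns the session data for each case: a cookie signed with the old key stays valid only while that key is listed as a fallback, and anything stored in the session can be read by whoever holds the cookie.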
Frequently Asked Questions
What is the SecureCookieSessionInterface class?
SecureCookieSessionInterface is a class in the flask codebase, defined in src/flask/sessions.py.
Where is SecureCookieSessionInterface defined?
SecureCookieSessionInterface is defined in src/flask/sessions.py at line 298.
What does SecureCookieSessionInterface extend?
SecureCookieSessionInterface extends SessionInterface.